Table of Contents

  1. Introduction to API Manager
  2. Administration
  3. Organization policies
  4. Analytics

API Manager Guide

API Manager Guide

Organization policies

Organization policies

Organization policies are rules that the organization creates to enforce security and access rules on all managed APIs. The organization can enforce IP filtering access policies and determine the rate at which managed API requests can be made.
The IP filtering policy designates the range of computer IP addresses that are allowed to invoke or are denied permission to invoke managed APIs. The rate limiting policy controls the number of times any managed API can be invoked during a designated time period.
In the Policies page, you can change the default rate limit policy settings, and add, edit, or delete an IP filtering policy. IP filtering policies are applied according to the order of the policies. The order of the policy determines its precedence.
You can also create a rate limit policy and an IP filtering policy for specific managed APIs. For more information, see Configuring an API-specific rate limit policy and Configuring an API-specific IP filtering policy.
When an API consumer attempts to access a managed API and is denied due to an IP filtering policy, the HTTP response includes a 403 Forbidden status code and the description Invocation is prohibited due to organization policies.
When an API consumer attempts to access a managed API and access is denied due to a rate limit policy, the HTTP response includes a 429 Too Many Requests status code and the description API rate limit reached.
When an API consumer attempts to access a managed API and is denied due to a rate limit policy or an IP filtering policy, API Manager logs an event in the event log. For more information about the event log, see Event log.


Updated September 11, 2019


Explore Informatica Network